I have a complex design using IPSec tunnels to connect remote users. The IPSec tunnels to the devices work, however occasionally they drop. When the IPSec tunnels drop I seem to be getting the follow error being logged with ISAKMP and IPSec debugging turned on. I can find no reference to it anywhere on the Cisco Site. The error reads:
ISAKMP: Trying to decrement ipsec count below 0
This is logged a few times then I see:
ISAKMP:(0:4:SW:1):deleting SA reason "Death by retransmission throw" state (R) QM_IDLE (peer xx.xx.xx.xx)
Which I suspect is where the IPSec link is getting reset.
Can anyone explain to me what this means, and/or why this is happening?
I can't post configs etc. as this is relating to a military installation.
Thanks for any advice.